Microsoft Teams exploitation in cyberattacks ramp up

Cybernews reports that Microsoft Teams has been increasingly leveraged by cybercriminals and state-backed threat actors to facilitate illicit cyber activity. Aside from being harnessed to identify vulnerable users and tenants as part of reconnaissance efforts, Teams has also been exploited to enable social engineering techniques resulting in the eventual delivery of various malicious payloads, according to a report from the Microsoft Threat Intelligence team. While initial access broker Storm-1674 tapped Teams to deploy TeamsPhisher and other red teaming tools that injected DarkGate and other malware, other hacking operations AADInternals and other popular admin tools to deliver backdoors on Teams. Teams abuse also allowed persistence in compromised environments, as well as direct data exfiltration and ransom note delivery. "Octo Tempest has used communication apps, including Teams, to send taunting and threatening messages to organizations, defenders, and incident response teams as part of extortion and ransomware payment pressure tactics," said Microsoft researchers, who urged organizations to harden their Teams environments with more stringent access controls.